Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c97742d-1387-4572-97bb-4e73ac315b47.roa
File:                     3c97742d-1387-4572-97bb-4e73ac315b47.roa (raw, json)
Hash identifier:          vmHO8eJnwOucUQbM3x82N1IUOuzC+qXPckgh2mEZJgI=
Subject key identifier:   CC:23:6E:65:04:A8:35:E9:48:7D:FD:D6:AE:83:4A:89:FF:14:52:50
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4525E5B10AE7B25FA6C72D346A38D37FADAF7A97
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c97742d-1387-4572-97bb-4e73ac315b47.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:2000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:25:e5:b1:0a:e7:b2:5f:a6:c7:2d:34:6a:38:d3:7f:ad:af:7a:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=54a75c4acdb165efd169728447577fafb30c7379e9e63bb56139e61efd2dedaf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:66:d7:a5:8a:bc:dd:64:96:a5:d3:0d:dd:01:
                    fb:8b:d0:08:b9:65:e5:2a:8e:94:0a:70:ea:18:60:
                    fd:3d:66:30:04:c1:13:77:25:c4:ec:08:55:66:bb:
                    b4:0e:0b:3c:e4:98:9d:a4:96:24:9d:da:b7:4c:60:
                    d9:e3:ca:26:b9:70:97:10:ac:9a:04:07:76:b1:37:
                    2d:44:02:01:ec:e3:7c:1c:9e:e7:db:9d:78:9a:08:
                    2a:0c:06:3b:4b:dc:50:5d:cc:a4:f6:2c:03:5b:1b:
                    a2:13:f0:5a:c2:4f:b6:f2:48:f2:ac:65:09:eb:fe:
                    65:de:44:c9:69:e7:4b:39:41:61:b7:46:4a:d8:21:
                    a5:73:d9:00:71:8c:0d:75:94:9c:27:69:f6:8b:19:
                    b0:90:81:9d:68:97:07:15:72:b4:c5:26:7f:5e:09:
                    37:0a:53:1e:1c:ef:68:40:9f:ba:2d:62:5d:6e:55:
                    94:35:4c:1a:5a:da:5e:11:98:37:75:8b:db:47:c6:
                    2b:b0:9b:8a:20:8c:74:17:b0:06:77:7a:94:a9:19:
                    63:a7:eb:03:6d:24:29:a5:3b:5e:d9:75:fe:78:84:
                    ed:29:cc:b3:20:28:18:f3:3e:5a:67:7f:60:4c:79:
                    27:06:68:fc:ec:51:bc:38:0d:df:9b:55:29:9c:a3:
                    0d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:23:6E:65:04:A8:35:E9:48:7D:FD:D6:AE:83:4A:89:FF:14:52:50
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c97742d-1387-4572-97bb-4e73ac315b47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         22:55:69:30:17:de:cf:4b:f8:fd:6f:f9:66:49:cb:6e:78:2f:
         69:99:ad:aa:2a:24:e3:2f:41:13:19:8f:7d:2d:38:04:4c:46:
         59:d6:1e:09:48:81:18:01:59:34:48:48:a5:6b:60:b8:c0:ac:
         0b:63:00:5d:10:15:9d:e7:2b:55:ed:94:fc:1c:44:8c:cc:cd:
         77:12:b9:17:2f:16:ee:44:39:5b:81:80:e4:ed:11:5e:2d:f1:
         29:a9:68:41:f7:be:12:9f:8b:46:40:da:cf:65:5f:f9:f4:36:
         42:e5:6d:27:1e:e2:e5:4a:57:d9:57:96:32:51:47:9a:65:d7:
         b0:15:0d:f9:98:c1:2b:8e:43:7f:24:56:6e:fd:4d:32:5d:d7:
         a4:8b:65:fc:19:73:3f:ce:7e:f0:d0:cc:35:00:43:34:9c:b4:
         d2:ff:33:bb:08:9e:83:7f:b0:33:11:2f:08:b0:87:e0:71:ee:
         0b:a8:1c:1e:18:d0:10:9f:99:25:f8:c9:42:bf:13:ba:77:b5:
         63:a3:07:5e:bb:b2:3e:a3:73:dc:98:85:ec:9c:bc:73:8e:75:
         55:f7:b1:cd:33:62:5b:76:dd:0b:9b:5b:85:d9:5a:39:48:c8:
         7e:d4:1a:44:54:6f:21:87:a4:c0:32:4c:9f:db:01:63:ae:7a:
         c3:a6:c0:a2
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIURSXlsQrnsl+mxy00ajjTf62vepcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NGE3NWM0YWNkYjE2NWVmZDE2OTcyODQ0NzU3N2ZhZmIz
MGM3Mzc5ZTllNjNiYjU2MTM5ZTYxZWZkMmRlZGFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ZtelirzdZJal0w3dAfuL0Ai5ZeUqjpQKcOoYYP09ZjAE
wRN3JcTsCFVmu7QOCzzkmJ2kliSd2rdMYNnjyia5cJcQrJoEB3axNy1EAgHs43wc
nufbnXiaCCoMBjtL3FBdzKT2LANbG6IT8FrCT7bySPKsZQnr/mXeRMlp50s5QWG3
RkrYIaVz2QBxjA11lJwnafaLGbCQgZ1olwcVcrTFJn9eCTcKUx4c72hAn7otYl1u
VZQ1TBpa2l4RmDd1i9tHxiuwm4ogjHQXsAZ3epSpGWOn6wNtJCmlO17Zdf54hO0p
zLMgKBjzPlpnf2BMeScGaPzsUbw4Dd+bVSmcow23AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUzCNuZQSoNelIff3WroNKif8UUlAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjOTc3NDJkLTEzODctNDU3Mi05N2JiLTRlNzNhYzMxNWI0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB84IDANBgkqhkiG9w0BAQsFAAOCAQEAIlVpMBfez0v4/W/5ZknLbngv
aZmtqiok4y9BExmPfS04BExGWdYeCUiBGAFZNEhIpWtguMCsC2MAXRAVnecrVe2U
/BxEjMzNdxK5Fy8W7kQ5W4GA5O0RXi3xKaloQfe+Ep+LRkDaz2Vf+fQ2QuVtJx7i
5UpX2VeWMlFHmmXXsBUN+ZjBK45DfyRWbv1NMl3XpItl/BlzP85+8NDMNQBDNJy0
0v8zuwieg3+wMxEvCLCH4HHuC6gcHhjQEJ+ZJfjJQr8Tune1Y6MHXruyPqNz3JiF
7Jy8c451VfexzTNiW3bdC5tbhdlaOUjIftQaRFRvIYekwDJMn9sBY656w6bAog==
-----END CERTIFICATE-----